Configurar router Vyatta - Red + DMZ - Víctor Ruiz López

Configurar router Vyatta – Red + DMZ

3 febrero, 2014 Firewall

Debemos tener previamente instalado vyatta

[Interfaces]
configure
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description WAN
set interfaces ethernet eth1 address 10.20.0.1/24
set interfaces ethernet eth1 description LAN
set interfaces ethernet eth2 address 10.30.0.1/24
set interfaces ethernet eth2 description DMZ
commit
save
exit
show interfaces
reboot

[Servicios - SSH]
set system login banner pre-login "PROHIBIDO ACCESO NO AUTORIZADO"
commit
save
reboot

 

[Servicios - DHCP - LAN]

configure
set service dhcp-server shared-network-name LAN-POOL subnet 10.20.0.0/24
set service dhcp-server shared-network-name LAN-POOL subnet 10.20.0.0/24 default-router 10.20.0.1
set service dhcp-server shared-network-name LAN-POOL subnet 10.20.0.0/24 dns-server 10.20.0.1
set service dhcp-server shared-network-name LAN-POOL subnet 10.20.0.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name LAN-POOL subnet 10.20.0.0/24 start 10.20.0.20 stop 10.20.0.30
commit
show service dhcp-server

 

[Servicios - DHCP - DMZ]

configure
set service dhcp-server shared-network-name DMZ-POOL subnet 10.30.0.0/24
set service dhcp-server shared-network-name DMZ-POOL subnet 10.30.0.0/24 default-router 10.30.0.1
set service dhcp-server shared-network-name DMZ-POOL subnet 10.30.0.0/24 dns-server 10.30.0.1
set service dhcp-server shared-network-name DMZ-POOL subnet 10.30.0.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name DMZ-POOL subnet 10.30.0.0/24 start 10.30.0.20 stop 10.30.0.30
commit
show service dhcp-server
save

 

[NAT]

set service nat rule 10 source address 10.20.0.0/24
set service nat rule 10 outbound-interface eth0
set service nat rule 10 type masquerade
commit
show service nat
save

 

[SYSTEM ZONE + NTP]

configure
set system time-zone Europe/Madrid
delete system ntp server
set system ntp server hora.rediris.es

[DNS]

configure
set service dns forwarding name-server  *.*.*.*  #Servidor Dns que entregaremos por DHCP
set service dns forwarding name-server *.*.*.*  #Servidor Dns Secundario que entregaremos por DHCP
set service dns forwarding listen-on eth1
set service dns forwarding listen-on eth2
commit
[FIREWAL]
configure
set firewall name BASIC description "Filter traffic statefully"
set firewall name BASIC rule 1 action accept
set firewall name BASIC rule 1 state established enable
set firewall name BASIC rule 1 state related enable
set firewall name BASIC rule 2 action drop
set firewall name BASIC rule 2 state invalid enable
set firewall name BASIC rule 2 log enable
commit
show firewall name BASIC

save

reboot